ffv1: fix out-of-bounds read
authorVittorio Giovara <vittorio.giovara@gmail.com>
Tue, 11 Nov 2014 16:40:04 +0000 (17:40 +0100)
committerVittorio Giovara <vittorio.giovara@gmail.com>
Thu, 13 Nov 2014 00:41:26 +0000 (01:41 +0100)
CC: libav-stable@libav.org
Bug-Id: CID 1047234

libavcodec/ffv1enc.c

index 179453d..93630b4 100644 (file)
@@ -71,7 +71,7 @@ static void find_best_state(uint8_t best_state[256][256],
                     best_len[k]      = len;
                     best_state[i][k] = j;
                 }
-                for (m = 0; m < 256; m++)
+                for (m = 1; m < 256; m++)
                     if (occ[m]) {
                         newocc[one_state[m]]             += occ[m] * p;
                         newocc[256 - one_state[256 - m]] += occ[m] * (1 - p);